Technique directors breathed a sigh of relief yesterday following Microsoft issued a fairly mild patch update round, with no zero-day vulnerabilities and only six critical CVEs on the listing.
On the other hand, there was even now some function to do. Amid the 78 CVEs tackled was a critical SharePoint elevation of privilege bug (CVE-2023-29357), which Adam Barnett, guide computer software engineer at Speedy7, stated companies really should prioritize.
“Microsoft is not aware of community disclosure or in-the-wild exploitation, but considers exploitation far more possible,” he extra.
“At time of writing, the FAQ offered with Microsoft’s advisory implies that both of those SharePoint Company Server 2016 and SharePoint Server 2019 are susceptible, but neither the advisory nor the SharePoint 2016 Release historical past checklist any relevant patches for SharePoint 2016. Defenders responsible for SharePoint 2016 will no question desire to comply with up on this one particular as a make a difference of some urgency.”
There may perhaps also be a lot more than just one patch mentioned for a specific SharePoint version. If so, all of them will have to be mounted to remediate the flaw, Barnett reported.
Browse a lot more on Patch Tuesday: Microsoft Fixes Zero-Day Bug This Patch Tuesday.
Somewhere else, there have been three critical remote code execution (RCE) vulnerabilities listed for Windows Pragmatic Common Multicast (PGM) – the third Patch Tuesday in a row to aspect at minimum a person critical RCE bug in PGM. These are CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363.
Mike Walters, VP of vulnerability and danger study at Motion1, explained that the Windows PGM protocol is usually utilised in video streaming and on the net gaming applications.
“These vulnerabilities have a large CVSS score of 9.8 and pose a severe risk. They can be exploited about the network without having requiring privileges or person conversation. Influenced techniques contain all variations of Windows Server 2008 and later, as properly as Windows 10 and later,” he warned.
“If the Windows Information Queuing Services is functioning in a PGM Server atmosphere, an attacker could ship a specially crafted file to obtain remote code execution. To mitigate this vulnerability, take into account checking if the Concept Queuing provider is operating on TCP port 1801 and disable it if not needed. On the other hand, be careful as this could impression method performance.”
Editorial impression credit history: monticello / Shutterstock.com
Some parts of this article are sourced from:
www.infosecurity-magazine.com